HackTheBox - Waldo HD

01:15 - Begin of Recon 02:00 - Looking at what Filtered means in Nmap 05:00 - Start of looking at webpage (GoBuster) 06:30 - Manual HTTP Enumeration 09:50 - Start of exploiting with BurpSuite 17:00 - SSH Key Found, logging in with nobody 19:12 - Discovering a second SSH Server 23:36 - Using the same SSH Key to login to the second SSH Server as monitor 24:38 - Escaping rBash by modifying an executable file in our current $PATH 28:13 - Running LinEnum.sh to search for PrivEscs 30:50 - Enabling ThoroughTests in LinEnum to see what else it will check 36:30 - Looking into capabilities permission sin linux 39:00 - Begin of second way to escape rBash and setup a SSH Tunnel for fun